How to Fix Antimalware Service Executable High CPU Usage on Windows 10

Experiencing high CPU usage and a sluggish system? It could be the Antimalware Service Executable bug.

If your computer feels sluggish or unresponsive, it’s best to check whether some process is eating into the memory and CPU. It’s likely that the process could be the Antimalware Service Executable. This common issue arises when Windows Defender has not been configured properly or there is malware on your system interfering with its functioning.

Here’s how you fix the Antimalware Service Executable high CPU usage bug on Windows 10.

1. Optimize Windows Defender Scheduling Options

The Antimalware Service Executable results in high CPU usage when it’s scheduled to run a full scan of your system at regular intervals. It is best to reschedule these scans to a time when you are less likely to attempt CPU intensive tasks, or perhaps even using your computer at all.

Here’s how to change Windows Defender’s scheduling:

1. In the Start menu search bar, type “task scheduler” and click on Task Scheduler.
2. On the navigation pane on the left, go to Task Scheduler Library > Microsoft > Windows > Windows Defender. You can do this by expanding each of the aforementioned libraries.
3. In the Windows Defender library, double click on Windows Defender Scheduled Scan in the middle pane.
4. Under the Conditions tab, uncheck all options and click on OK. This removes all scheduled scans.

Create New Scheduled Scans

Users should create new scheduled scans so that their computer remains protected. It’s best to personalize it according to your needs. You could schedule them at times when you know you won’t be doing CPU heavy tasks. But the frequency should be at least once a week.

To create a new Windows Defender schedule, follow these steps:

1. Open Task Scheduler and once again navigate to Task Scheduler Library > Microsoft > Windows > Windows Defender
2. Double click Windows Defender Scheduled Scan.
3. Under the Triggers tab, click on New.
4. Here you can choose how frequently the scan will run.
5. Apply settings and exit.

2. Add Windows Defender to its Own Exclusion List

When performing a full system scan, Windows Defender goes through every single file on your system. This includes itself which may result in some problems—most commonly sluggish system performance. Users can prevent this by adding the Antimalware Service Executable to Windows Defender’s exclusion list.

This can be done by following these steps:

1. Press CTRL + Shift + ESC to launch the Task Manager.
2. Under the Processes tab look for Antimalware Service Executable. Right-click it and select Open file location.
3. In the address bar located at the top in Windows Explorer, copy the file path (CTRL + C).
4. In the Start menu search bar, enter “Windows Security” and open the app. It has a blue shield icon.
5. Click on Virus & threat protection and subsequently click on Manage settings.
6. Scroll down until you find Exclusions and then click on Add or remove exclusions.
7. Click on Add an exclusion then click on File.
8. In the address bar of the File Explorer window, paste the path you had copied earlier (CTRL + V).
9. Look for MsMpEng.exe and click open.
10. The file will now be excluded from all future Windows Defender scans.

Related: 4 Reasons to Use Windows Defender

3. Repair Corrupt Windows Defender Files Using SFC

SFC is an in-built Windows utility that automatically scans and fixes any damaged system files. This is what will help repair corrupt Windows Defender files.

To use this, do the following:

1. In the Start menu search bar, type cmd and open Command Prompt.
2. In the console, type sfc /scannow and hit Enter.
3. Windows will take some time to scan and repair corrupt system files including those of Windows Defender.

4. Disable Windows Defender

When all else fails, it’s time to disable Windows Defender altogether. Before doing so be sure to download and install third-party antivirus software to keep your computer safe.

To disable Windows Defender, follow these steps:

1. In the Start menu search bar, type Windows Security and open it.
2. On the dashboard, click on Virus & threat protection and then click on Manage Settings.
3. Switch Real-time protection to Off.
4. Exit and reboot your computer.

5. Use a Clean Boot to Check Whether a Third-Party App May be      Responsible

Sometimes, third-party applications may interfere with system processes. It’s also possible that the third-party software is being misread as malware. To rule out third-party apps as the reason for the problem, users should perform a clean boot.

Here are the steps on how to go about it:

1. Press Windows Key + R to open the Run command. Type msconfig and hit Enter.
2. In the System Configuration window, go to Services.
3. Check the Hide all Microsoft services option. Then proceed to check all services in the list.
4. Click on Disable all.
5. Save and exit.
6. Now, open Task Manager by pressing CTRL + Shift + ESC.
7. Under the Startup tab, click on every service one by one and click Disable.
8. Exit and reboot your computer.

The computer will now boot with all third-party applications disabled. Users should check whether they’re still having the issue and if they aren’t then it’s best to uninstall any recently installed applications as they’re the culprits.

6. Check for Malware Using Third-Party Antivirus

There are viruses that directly affect Windows Defender and they may either- disrupt its functioning or disable it altogether. In such cases, the only solution is to scan the computer using third-party antivirus software.

But first, in order to ensure that Windows Defender has indeed been infected, check and see if Real-time protection gets disabled automatically. Remember, you should always ensure that Windows Defender is working to its maximum potential.

In some cases, users have reported that they’re unable to remove infected files (detected by Windows Defender itself) using Windows Defender.

To check for this issue, simply follow these steps:

1. In the Start menu search bar, type Windows Security and launch the application.
2. On the dashboard, click on Virus & threat protection.
3. Under Current Threats, click on Protection history.
4. Under Quarantined Threats, click on See full history.
5. Now click on any threat from the list and select Remove.
6. If Windows Defender removes the file then all is working well but if it is unable to remove the file, or there’s an infinite wait animation then Windows Defender has been infected.

Related: The 5 Best Free Internet Security Software for Windows

Fixing the Antimalware Service Executable High CPU Usage Bug

Using the tips above will improve your computer’s performance as well as responsiveness. Just ensure that your computer is never left unprotected from malware. It’s recommended that you download some other antivirus software before disabling Windows Defender.

About The Author